At IPL time messages, TSS2000I, TSS2001I and CAS2031I are issued and TSS is even not started yet.
What makes those messages get issued?
Does TSS fully activate after those messages are issued?
To answer to those questions, we need to review z/OS IPL phases briefly.
The IPL (Initial Program Load) phases are mainly:
The hardware process of loading z/OS, the HARDWARE IPL.
The loading and initialization of the nucleus, the IPL RIMs. (Resource Initialization Module)
The initialization of general system resources, the NIP RIMs. (Nucleus Initialization Phase)
Master Scheduler Initialization, the MSI initialization
Let's have a look at MSI in more details because it's during this phase that the z/OS security is started.
- Initialize MIH services
- Complete ASM initialization
- Initialize IOS dynamic pathing, create IOSAS
- Initialize Master's security environment
- Initialize Console attributes, DEL=RD etc.
- Initialize APPC services
- Initialize TSO services
- Initialize LOGREC Logstream recording
- Enable ENF services
- Initialize System Logger services, creates IXGLOG address space
- Vary all available CPs online
- Initialize SMF services, creates SMF address space
- Issue commands in IEACMD00 and COMMNDxx parmlib members
- Initialize RTM services
- Initialize System security processing
- Build defined subsystems
Issue START for primary JES subsystem, if requested
- Hold primary JES STC and TSO processing
- Indicate MSI is complete
- Initialize Master command processing
- Issue command processing available message
- Allow pending address space creates (not done by Master) to complete
- Wait for JES to indicate primary services are available.
All IPL processing is now complete.
When security is started modules, ICHSEC00, ICHSEC05, ICHSCDMY are involved. All are aliases of SAFRTSEC and must reside in LPA.
Module SAFRTSEC, which:
- Iinitializes the SAF and issues the CAS2031 message.
- Calls module TSSMSIM which initializes the security for TSS and writes the TSS2000I and TSS2001I:
TSS2000I CA TOP SECRET MSTR INITIALIZATION IN PROGRESS
TSS2001I CA TOP SECRET MSTR INITIALIZATION COMPLETE
CAS2031I CA SAF interface initialization complete
When all is done, TSS is ready to be started and security is fully available when TSS is up and running.